A Conceptual Model for Data-Driven Threat Analysis for Enhancing Cyber Security

Technology has become increasingly adopted by businesses for achieving overall objectives. Systems within these technologies generate a huge amount of data. It is necessary to identify the data and undertake appropriate controls to protect the data from any potential threats. Data, in general, is different types, such as operational and business which have different costs and impact on the overall business continuity. Threat analysis needs to consider various data types and associated weaknesses related to an organisational context's systems and applications. There are numerous threat models available, but there is a lack of focus on analysing and prioritizing threats relating to the data. This paper presents a data-driven approach for threat analysis and a conceptual model. The model includes several concepts, i.e., actor, infrastructure, data and weakness, to analyse the data and threats from three phases management, control and business. Finally, a running example is used to demonstrate the applicability of the work.